vpn-ws
Connection refused
hi.
yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://mydomain.com/vpn
Password:
[Wed Jul 13 11:36:02 2016] connecting to mydomain.com port 443 (transport: wss)
[Wed Jul 13 11:36:03 2016] vpn_ws_connect()/connect(): Connection refused
[Wed Jul 13 11:36:03 2016] disconnected
how to fix it? thank u.
Have you installed and executed the server part ?
hi.
yes, i executed the server part.
root@AR:~# ps aux|grep vpn-ws
root 967 0.0 0.0 2120 460 ? S 7月12 0:00 ./vpn-ws /run/vpn.sock
root 3264 0.0 0.1 4664 1000 pts/0 S+ 03:15 0:00 grep vpn-ws
root@AR:~#
there is one thing i don't understand. the client must connect to the server's port 443? how to set to make it to connect to another port?
./vpn-ws-client /dev/tap0 wss://mydomain.com:port/vpn
will do the trick
hi.
yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://mydomain.com:449/vpn
Password:
[Wed Jul 13 16:00:09 2016] connecting to mydomain.com port 449 (transport: wss)
[Wed Jul 13 16:00:39 2016] vpn_ws_connect()/gethostbyname(): unable to resolve name
[Wed Jul 13 16:00:39 2016] disconnected
how to fix it? thank u
Which domain are you using in place of mydomain.com ? it looks like the system is not able to resolve it
now the domain resolves properly. but still there is error:
yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/
Password:
[Wed Jul 13 17:03:27 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Wed Jul 13 17:03:28 2016] vpn_ws_ssl_handshake()/SSLHandshake(): -9807
[Wed Jul 13 17:03:28 2016] disconnected
my nginx config part:
server {
    listen 449;
    server_name ws.smt.biz.st;
    index index.html index.htm;
    root /usr/share/nginx/html/;
    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/run/vpn.sock;
    }
    ssl on;
    ssl_certificate /etc/nginx/public.crt;
    ssl_certificate_key /etc/nginx/private.key;
}
how to fix it? thank u
you have to fix your ssl certificates in nginx. -9807 means "invalid certificate chain"
If you do not have a valid certificate use the --no-verify option
where to add --no-verify?
i see.
sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify
now i can connect successfully.
sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify
Password:
[Wed Jul 13 17:28:39 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Wed Jul 13 17:28:40 2016] connected to ws.smt.biz.st port 449 (transport: wss)
but i still cannot cross gfw (great firewall of china). in my browser, i cancelled proxy setting, and visit http://whatismyipaddress.com , the site still shows the ip my isp assigned to me, doesn't show my vps's ip. why?
once the tunnel is established you should route all (or part) of your traffic to the vpn interface. One of the ways (on osx) is:
route add default <internal ip of the gateway>
ensure the server has nat enabled for the vpn interface
hi.
yudeMacBook-Air:~ brite$ sudo route add default 10.8.0.1
route: writing to routing socket: File exists
add net default: gateway 10.8.0.1: File exists
yudeMacBook-Air:~ brite$
is the 2 "File exists" hint normal? and in my server, how to set the internal ip?
hi.
on my mac, i run:
yudeMacBook-Air:~ brite$ sudo route add my_vps_ip 182.16.0.1
Password:
add host my_vps_ip: gateway 182.16.0.1
yudeMacBook-Air:~ yuming$ cd vpn-ws
then,
sudo ./vpn-ws-client /dev/tap1 wss://ws.smt.biz.st:449/ --no-verify
[Thu Jul 14 15:45:57 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Thu Jul 14 15:45:59 2016] connected to ws.smt.biz.st port 449 (transport: wss)
and i login my vps, run:
root@AR:~# iptables -t nat -A POSTROUTING -s 182.16.0.0/24 -o venet0 -j MASQUERADE
root@AR:~#
then i cancelled proxy setting in browser on my mac, and visit http://whatismyipaddress.com , the site still shows the ip my isp assigned to me, doesn't show my vps's ip. why?
tks for ur reply
sudo route add my_vps_ip 182.16.0.1
the problem is here, you have to set a default gw route not a route to the server
hi.
yudeMacBook-Air:~ brite$ sudo route add 182.16.0.2 182.16.0.1
Password:
add host 182.16.0.2: gateway 182.16.0.1
yudeMacBook-Air:~ brite$
still not ok to cross the GFW. how to fix it? tks
You have to set the default gw:
route add default 182.16.0.1
before this, check 182.16.0.1 is reachable by pinging it
Oh and obviously hold a route to the vps:
route add <ip_of_the_vps> <original_gateway>
otherwise you will not be able to reach the vps anymore
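The routing steps from the replies above, put in order, as an added example that is not part of the thread or of vpn-ws: it reads a `netstat -nr` table and prints, without running them, the macOS `route` commands. The table rows are a constructed sample, `203.0.113.10` is a placeholder for the VPS address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan the client-side routes for sending all traffic
# through the tunnel. Commands are printed, never executed.

# Constructed sample: IPv4 part of `netstat -nr` on the client.
SAMPLE_ROUTES='Destination        Gateway            Flags   Netif
default            192.168.1.1        UGSc    en0
127                127.0.0.1          UCS     lo0
192.168.1          link#4             UCS     en0'

# Print the gateway of the first "default" row that has an IPv4 gateway.
original_gateway() {
    printf '%s\n' "$1" |
        awk '$1 == "default" && $2 ~ /^[0-9]+(\.[0-9]+)+$/ { print $2; exit }'
}

# plan_routes <routing table text> <vps ip> <vpn gateway ip>
plan_routes() {
    table=$1 vps=$2 vpn_gw=$3
    gw=$(original_gateway "$table")
    if [ -z "$gw" ]; then
        echo "no IPv4 default gateway found" >&2
        return 1
    fi
    if [ "$gw" = "$vpn_gw" ]; then
        echo "default route already points at the tunnel" >&2
        return 1
    fi
    # 1. The tunnel gateway must answer before anything is rerouted.
    echo "ping -c 3 $vpn_gw"
    # 2. Keep a host route to the VPS via the original gateway, otherwise
    #    the wss connection itself would be sent into the tunnel.
    echo "route add $vps $gw"
    # 3. A default route already exists, so a second "add" fails with
    #    "File exists" (as seen in the thread); remove it, then add the new one.
    echo "route delete default"
    echo "route add default $vpn_gw"
}

plan_routes "$SAMPLE_ROUTES" 203.0.113.10 182.16.0.1
```

Run the printed commands with sudo only after the ping in the first line succeeds.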
hi.
yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify
Password:
[Thu Jul 14 18:10:53 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Thu Jul 14 18:11:00 2016] connected to ws.smt.biz.st port 449 (transport: wss)
but i cannot ping thru 182.16.0.1:
yudeMacBook-Air:~ brite$ ping 182.16.0.1
PING 182.16.0.1 (182.16.0.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
^C
--- 182.16.0.1 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
yudeMacBook-Air:~ brite$
headache. why i cannot ping thru 182.16.0.1?? it's strange. tks
can you paste your routing table (the osx one) after the connection is established ?
hi
my mac's routing table:
yudeMacBook-Air:~ brite$ netstat -nr
Routing tables

Internet:
Destination         Gateway             Flags    Refs  Use     Netif  Expire
default             192.168.1.1         UGSc     16    10      en0
127                 127.0.0.1           UCS      0     19      lo0
127.0.0.1           127.0.0.1           UH       47    132396  lo0
169.254             link#4              UCS      1     0       en0
169.254.244.229     1c:87:2c:63:f8:38   UHLSW    0     0       en0    325
192.168.1           link#4              UCS      2     0       en0
192.168.1.1/32      link#4              UCS      1     0       en0
192.168.1.1         b0:48:7a:25:11:aa   UHLWIir  17    202     en0    624
192.168.1.100       0:23:cd:69:ef:7     UHLWI    0     0       en0    1171
192.168.1.101/32    link#4              UCS      0     0       en0
192.168.1.105       1c:87:2c:63:f8:38   UHLWI    0     0       en0    352
224.0.0             link#4              UmCS     1     0       en0
224.0.0.251         1:0:5e:0:0:fb       UHmLWI   0     0       en0
255.255.255.255/32  link#4              UCS      0     0       en0

Internet6:
Destination                      Gateway            Flags  Netif  Expire
::1                              ::1                UHL    lo0
fe80::%lo0/64                    fe80::1%lo0        UcI    lo0
fe80::1%lo0                      link#1             UHLI   lo0
fe80::%en0/64                    link#4             UCI    en0
fe80::e2ac:cbff:fe76:bca6%en0    e0:ac:cb:76:bc:a6  UHLI   lo0
fe80::%awdl0/64                  link#8             UCI    awdl0
fe80::309b:acff:fe05:170c%awdl0  32:9b:ac:5:17:c    UHLI   lo0
ff01::%lo0/32                    ::1                UmCI   lo0
ff01::%en0/32                    link#4             UmCI   en0
ff01::%awdl0/32                  link#8             UmCI   awdl0
ff02::%lo0/32                    ::1                UmCI   lo0
ff02::%en0/32                    link#4             UmCI   en0
ff02::%awdl0/32                  link#8             UmCI   awdl0
yudeMacBook-Air:~ brite$
my mac is using wireless lan. router's ip:192.168.1.1
it looks like you are not enabling the network interface like explained here: https://github.com/unbit/vpn-ws#the---exec-trick
about vpn-ws-client --exec "ifconfig vpn17 192.168.173.17 netmask 255.255.255.0" vpn17 wss://example.com/
what is vpn17?
the following is the result of ifconfig on my mac:
yudeMacBook-Air:sockstunnel brite$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether e0:ac:cb:76:bc:a6
inet6 fe80::e2ac:cbff:fe76:bca6%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 9a:00:03:47:af:20
media: autoselect
the following is the result of ifconfig on my vps:
root@AR:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:321056 errors:0 dropped:0 overruns:0 frame:0
TX packets:321056 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:748826124 (714.1 MiB) TX bytes:748826124 (714.1 MiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.168.0.10 P-t-P:10.168.0.10 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:19033435 errors:0 dropped:0 overruns:0 frame:0
TX packets:18282270 errors:0 dropped:211 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13314870269 (12.4 GiB) TX bytes:12697612106 (11.8 GiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:104.255.35.132 P-t-P:104.255.35.132 Bcast:104.255.35.132 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
root@AR:~#
the following is routing table on my vps:
root@AR:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         182.16.0.1      255.255.255.255 UGH       0 0          0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0
root@AR:~# route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         182.16.0.1      255.255.255.255 UGH       0 0          0 venet0
default         *               0.0.0.0         U         0 0          0 venet0
root@AR:~#
so could u pls tell me in detail how to do? tks for ur kindness